Commit Graph

11173 Commits

Author SHA1 Message Date
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimiation in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
bf010dc03e Macro changes from Tuomo Soini 2011-11-11 15:08:57 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00
Tom Eastep
83d373c0aa More documentation cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:52:14 -08:00
Tom Eastep
7ebf5a4284 Correct links in shorewall.conf manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-09 09:56:59 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
b0103a51d5 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2011-11-06 08:44:26 -08:00
Tom Eastep
1091c24348 Implement the BLACKLISTSECTION option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 08:43:38 -08:00
Tom Eastep
755ed9859b Merge branch '4.4.25' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2011-11-06 06:16:43 -08:00
Roberto C. Sanchez
cf8c30904d Add support for a "status" command to the Debian init scripts
(cherry picked from commit d36a2030ea)
2011-11-06 09:10:59 -05:00
Tom Eastep
38d1a2ada9 Add DropSmurfs and TCPFlags to the IPv6 actions.std file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:21 -07:00
Tom Eastep
d883e45f83 Correct 'start -f' with AUTOMAKE=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:05 -07:00
Tom Eastep
e236be37db Include the rawpost table in dump output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:52:40 -07:00
Tom Eastep
a842fad629 Mention that 'ignore' exempts the inteface from hairpin filtering.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:23 -07:00
Tom Eastep
689e9b0fe1 Make replacement of '+' by '*' global in case statements.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:10 -07:00
Tom Eastep
aed595f1d8 Document the 'ignore' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 08:51:56 -07:00
Tom Eastep
352dba1aac More cleanup of the IN_BANDWIDTH code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-02 06:34:35 -07:00
Roberto C. Sanchez
d36a2030ea Add support for a "status" command to the Debian init scripts 2011-11-01 19:55:02 -04:00
Tom Eastep
b9a7374130 Omit estimator when no avrate.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 11:16:51 -07:00
Tom Eastep
cfa33e894f Restore IN_BANDWIDTH functionality on moribund distributions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 07:02:32 -07:00
Tom Eastep
8b8140cc9f Add 'Basic Filter' capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:34:57 -07:00
Tom Eastep
f3b5d5585f Correct detection of FLOW_FILTER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:21:34 -07:00
Tom Eastep
0a605c63f2 Add note about separate blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:46:11 -07:00
Tom Eastep
dc1f815679 Reload blacklistsection chains even when legacy blacklisting is used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:04:32 -07:00
Tom Eastep
29f6f6e3f2 Allow 'refresh' to reload chains from the BLACKLIST section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 06:05:24 -07:00
Tom Eastep
e997b7e662 Update Build doc to reflect change to 'setversion'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 05:26:23 -07:00
Tom Eastep
16457ce85b Evaluate a variable at compile-time rather than at run-time
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-27 07:07:38 -07:00
Tom Eastep
3aac252645 Cleanup of IPv6 config files and manpages
- Add BLACKLIST section to IPv6 rules files.
- Add USE_DEFAULT_RT to the shorewall6.conf files and to the manpage.
2011-10-26 05:59:27 -07:00
Tom Eastep
5e97dc1954 Fold long lines in the FAQ
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 14:28:18 -07:00
Tom Eastep
c319921365 Correct validation of 4in6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 06:19:34 -07:00
Tom Eastep
3258806f6c Insure that 32767 default rule exists on IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 21:15:09 -07:00
Tom Eastep
ccdda4c73b Tighten the rule compatibility test in sub compatible().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:16:17 -07:00
Tom Eastep
3c98094242 Combine all IPV6 filtering in the routing table copy routines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:15:36 -07:00
Tom Eastep
14764acd2d Restore a blank line in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 08:50:15 -07:00
Tom Eastep
3ce5449257 Change the Caution at the top of the FAQs to refer to 4.4 rather than 4.3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 06:23:33 -07:00
Tom Eastep
ee66be8f32 Place all ip-address rules at priority 20000.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 17:11:41 -07:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
2316162d86 Fix last section of two-interface doc 2011-10-22 16:22:44 -07:00